** Changed in: python-mistralclient
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1931558
Title:
LFI vulnerability in "Create Workbook"
Status in OpenStack Dashboard (Horizon):
Invalid
Status in Mistral:
Fix Released
Status in OpenStack Security Advisory:
Won't Fix
Status in python-mistralclient:
Fix Released
Bug description:
Hello,
I've found a Local File Inclusion (LFI) vulnerability in creating a workbook
on OpenStack Dashboard.
This vulnerability allows the attacker to read a sensitive file on the server
like /etc/password, config file, etc. Tested version: Victoria Horizon 18.6.3
I do not an opportunity to test the other version, but I think those versions
also vulnerable.
Steps to reproduce:
1. Create a text file datnt78.txt with content: "/etc/passwd"
2. Select Workflow -> Workbooks -> Create Workbook
3. In "Definition Source" select "File" then browse datnt78.txt file then
click Validate and got /etc/passwd content.
This is the request: http://paste.openstack.org/show/806520/
This is the response: http://paste.openstack.org/show/806521/
Please find the sample file and POC image in the attachment.
Thank you,
DatNT78 at FTEL CSOC
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1931558/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
